Prefer secure connection during image pruning #14114
Conversation
miminar
force-pushed
the
secure-images-prune-by-default
branch
from
ec98511
to
ad4a823
Compare
|
Regenerated completions. |
|
Flake #14122 |
|
Flake #12927 |
|
[test] |
|
Flakse #14140. re-[test] |
|
@miminar can you confirm if this PR will solve the problem from https://bugzilla.redhat.com/show_bug.cgi?id=1448595 ? |
|
Flake #13426 in job https://ci.openshift.redhat.com/jenkins/job/test_pull_request_origin/1349/. re-[test] |
If they keep using wrong certificate authority, this PR will at least allow them to force insecure connection. |
|
Flake #12251. re-[test] |
|
[merge] |
|
Flake #14228. |
|
|
miminar
force-pushed
the
secure-images-prune-by-default
branch
from
f023bc9
to
755f74e
Compare
|
Fixed. The code now takes into account an insecure flag in user's kubeconfig - just like before. Also the registry pinger now generates more readable errors. It won't attempt HTTP ping if a secure transport is requested. |
|
@soltysh may I request one more look of yours? |
|
[test] |
|
flake #8571 |
|
The extended tests may need some changes. I'll investigate on Monday. |
miminar
force-pushed
the
secure-images-prune-by-default
branch
from
755f74e
to
a278e5d
Compare
|
The pruner now allows insecure connections for private addresses. |
miminar
force-pushed
the
secure-images-prune-by-default
branch
from
a278e5d
to
48ee2df
Compare
The default stays the same. When a CA bundle or a registry url is specified, require secure connection with certificate verification. Allow the user to force insecure connection using --force-insecure if he has to. Signed-off-by: Michal Minář <[email protected]>
miminar
force-pushed
the
secure-images-prune-by-default
branch
from
48ee2df
to
af35aba
Compare
|
Here's a documentation: openshift/openshift-docs#4471 @dmage could you please help review this? I'd like to get it in before the pruning changes for the read-only mode. |
miminar
force-pushed
the
secure-images-prune-by-default
branch
from
af35aba
to
d8ea2a7
Compare
|
No change, just re-signed the last commit to trigger new test runs. |
|
Oh the extended test has been renamed. One more try: |
Signed-off-by: Michal Minář <[email protected]>
miminar
force-pushed
the
secure-images-prune-by-default
branch
from
d8ea2a7
to
50b0858
Compare
|
Evaluated for origin testextended up to 50b0858 |
|
Evaluated for origin test up to 50b0858 |
|
continuous-integration/openshift-jenkins/testextended SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_request_origin_extended/508/) (Base Commit: a1dffba) (Extended Tests: core(ImagePrune)) |
|
continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_request_origin/1794/) (Base Commit: a1dffba) |
|
@mfojtik merge? |
|
[merge][severity:blocker] blocker bug: https://bugzilla.redhat.com/show_bug.cgi?id=1448595 |
|
Flake #12072 |
|
[merge][severity:blocker] |
|
Evaluated for origin merge up to 50b0858 |
|
continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/merge_pull_request_origin/838/) (Base Commit: 5a19120) (Extended Tests: blocker) (Image: devenv-rhel7_6281) |
Automatic merge from submit-queue [3.6][Backport] Prune images (not)securely Back-porting: - #14114 - #14405 - #14914 - #15899 Resolves [bz#1476779](https://bugzilla.redhat.com/show_bug.cgi?id=1476779)
The default stays the same. When a CA bundle or a registry url is specified, require secure connection with certificate verification. Allow the user to force insecure connection using --force-insecure if he has to.